In security, weird shift happens

Rob Whiteley

I just created a slide with a giant squid on it . . .


. . . so I think maybe it’s time to ask for your help.


It occurred to that I haven’t yet started blogging since I joined the Security & Risk team here at Forrester. My new job has me looking after our global research agenda for all things related to information security and risk management. So as I attempt to put pen to paper I was thinking, “where do I start?” Well, luckily that’s easy: Talk about our upcoming Security Forum.


One of the cool things about being a Research Director at Forrester is that you get to champion events. Last year I had the pleasure of championing our first ever IT Infrastructure & Operations Forum. Well, no good deed goes unpunished, so when I took over the security team I was immediately thrust back into planning for this September’s Security Forum (coincidentally, the event is being held in the exact same hotel as the Infrastructure & Ops event — so at least this time I’ll be in a better position to direct attendees to the facilities). And I kid about the punishment part. Putting on a good forum is a ton of work, but it’s extremely rewarding all said and done!


So what does an event champion do? Glad you asked. In short, I work with our events team to pick the theme, plan the content, write all the marketing collateral, recruit the Forrester and industry speakers, vet everybody’s presentations, practice the keynote, and, eventually, act as MC for the event.


Back to the squid.


That’s where I’m stuck. As part of my MC responsibilities I have to do the opening remarks. This kicks off the whole event. A good opening has to be informative, yet humorous. Short, but memorable. Deliver some value, but not take away from the keynotes. Basically, I have to set the tone for the event. Now, don’t get me wrong, I enjoy the spotlight. It’s just hard work to come up with a high impact opening for eight keynotes and 15 breakout sessions.


That’s where you come in. I’m looking for advice, thoughts, jokes, anecdotes, pretty much anything that will help me kick off the forum in style. But for that you’ll probably need some background first . . .


The theme of this year’s Forum is all about the shift in the security and risk management landscape. In fact, in a rather glib moment of weakness, I chose to make the tagline for the event “shift happens.” Where’d that gem come from? We've been discussing “change” for years. In fact, impending change has been the underlying theme for the first three Security Forums dating to 2006. We’ve always talked about how the future of IT will bring dramatic changes to workplace dynamics, sourcing models, and application portfolios. But change is no longer hypothetical — it's real. We need to move beyond discussions of the economy plunging into free fall and the resulting decrease in budgets, jobs, and discretionary security projects. This year we’re focusing on helping CISOs and other info sec pros understand how to navigate the new security reality in today’s topsy-turvy business climate. Each keynote and track sessions will focus on helping attendees master three major shifts: 1) a shift in business expectations; 2) a shift in ownership; and 3) a shift in security architecture.


So how about it? Does anyone have an interesting story about security teams facing change? Maybe something to do with Web 2.0 like Twitter or Facebook. I’ll give full credit for any and all ideas. Please leave any comments on the blog or send me a tweet.


Ok, so back to writing my opening remarks. What comes after a giant squid . . .


re: In security, weird shift happens

I've seen the shift go from organizations, like one I consult for, blocking all social networking, to realizing their is an untapped market for social networking. Soon we are advertising there, using it to attract new customers via press releases, and adding corporate accounts and friends. Now we are having to unblock these sites. With that, our posture moves towards using DLP to protect our interests on these sites and end-user awareness.

re: In security, weird shift happens

Think audiences: administrators, employees, customers, vendors and partners - how social network/Web 2.0 could create schizophrenia in organizations when it comes to user and administrative security...

re: In security, weird shift happens

Thanks for the good comments.I certainly agree with different controls, like DLP and awareness. We also have a lot of clients interested in updating acceptable and Internet usage policies. In general I've seen the shift from "let's prevent bad things from happening" to "let's monitor more and limit the risks as best we can." I think the days of security playing the veto card are gone. The business is moving ahead regardless. It's just a matter of whether security is an enabler or roadblock.And I love the idea of social security schizophrenia. I'll have to borrow that, if you don't mind!

re: In security, weird shift happens

I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.Susan

re: In security, weird shift happens

Working with event team require dedicated and concentrated efforts with proper theme selections , planning with effective marketing and writing .